Protection from ransomware

February 2017 Information Security, Infrastructure

If you’ve been listening to the news in the past few months, you have undoubtedly heard of a number of companies being affected by ransomware. The recent surge in this form of cyber attack has many organisations and users understandably concerned. And you should be too.

Ransomware is nasty stuff. However, with some careful preparation, you can significantly lower your risk of being infected, and reduce the impact on you or your organisation should you be hit.

Paul Williams, country manager – SADC at Fortinet.
Paul Williams, country manager – SADC at Fortinet.

Ransomware is a form of malware that infects devices, networks and data centres, encrypting critical files and prevents them from being used until the user or organisation pays a ransom to have the system unlocked. Ransomware has been around since at least 1989, when the ‘PC Cyborg’ trojan encrypted file names on a hard drive and insisted users pay $189 to have them unlocked. In the interim, ransomware attacks have become increasingly sophisticated, targeted, and lucrative.

The impact of ransomware is difficult to calculate, since many organisations opt to simply pay to have their files unlocked – an approach that doesn’t always work. However, a report on the Cryptowall v3 ransomware campaign, issued in October of 2015 by the Cyber Threat Alliance, estimated that the cost of that attack was US$ 325 million.

Ransomware generally works in one of several ways. Crypto Ransomware can infect an operating system so that a device is unable to boot. Other ransomware will encrypt a drive or a set of files or file names. Some malicious versions have a timer and begin deleting files until a ransom has been paid. All demand that a ransom be paid in order to unlock or release the blocked or encrypted system, files, or data.

What do I do to stop it?

Here are 10 things you need to do to protect yourself and your organisation from the effects of ransomware.

1. Develop a backup and recovery plan. Back up your systems regularly, and store that backup offline on a separate device.

2. Use professional email and web security tools that analyse email attachments, websites, and files for malware, and can block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality, so that new or unrecognised files can be executed and analysed in a safe environment.

3. Keep your operating systems, devices, and software patched and updated.

4. Make sure that your device and network antivirus, IPS, and antimalware tools are running the latest updates.

5. Where possible, use application white listing, which prevents unauthorised applications from being downloaded or run.

6. Segment your network into security zones, so that an infection in one area cannot easily spread to another.

7. Establish and enforce permission and privilege, so that the fewest number of users have the potential to infect business-critical applications, data, or services.

8. Establish and enforce a BYOD security policy which can inspect and block devices which do not meet your standards for security (no client or anti-malware installed, antivirus files are out of date, operating systems need critical patches, etc.).

9. Deploy forensic analysis tools so that after an attack you can identify:

a) Where the infection came from,

b) How long it has been in your environment,

c) That you have removed all of it from every device, and

d) That you can ensure it doesn’t come back.

10. This is critical: Do not count on your employees to keep you safe. While it is still important to increase your user-awareness training so employees are taught to not download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain, and you need to plan around them.

Here’s why: For many of your employees, clicking on attachments and searching the Internet is part of their job. It is difficult to maintain the appropriate level of scepticism. Second, phishing attacks have become very convincing. A targeted phishing attack uses things like online data and social media profiles to customise an approach. Third, it is simply human nature to click on an unexpected invoice or critical message from your bank. And finally, in survey after survey, users feel that security is someone else’s job, not theirs.

What if I get infected?

I hope that you have a recent backup and you can wipe your device and reload it with an uninfected version. Here are some other things you need to do:

1. Report the crime.

2. Paying the ransom is no guarantee.

3. Contact experts.

4. Have a Plan B.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Navigating the evolving tech landscape in 2024 and beyond
Residential Estate (Industry) Infrastructure
Progress in the fields of AI, VR and social media is to be expected, but what is not, is our fundamental relationship with how we deploy solutions in our business and how it integrates with greater organisational strategies and goals.

Read more...
New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Read more...
Create order from chaos
Information Security
The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyberthreats are growing in complexity and frequency, demanding sophisticated solutions that not only detect, but also prevent, malicious activities effectively.

Read more...
Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Read more...
Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Read more...
Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

Read more...
AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
iOCO collaboration protection secures Office 365
Information Security Infrastructure
The cloud, in general, and Office 365, in particular, have played a significant role in enabling collaboration, but it has also created a security headache as organisations store valuable information on the platform.

Read more...
Smart mining operations management
Mining (Industry) Infrastructure IoT & Automation
In his presentation at the recent MESA Africa conference, Neels van der Walt, Business Development Manager at Iritron, revealed the all-encompassing concept of SMOM (Smart Mining Operations Management) and why it is inextricably linked to the future of worldwide mining operations.

Read more...